3. Supplicant Reports when Trace enabled in the RASTLS file - â>> Received Failure (Code: 4) packet: Id: 8, Length: 4, Type: 0, TLS blob length: 0. Flags:â and âCode 4 unexpected in state SentFinishedâ
1. Wireless Clients using the windows supplicant and EAP-TLS connect without any issue.
2. ACS has certificates issued by 3rd Party Root CA - Geotrust.
3. Clients have Certs issued by clients own CA infrastructure.
4. ACS has the clients Root CA cert in the trust list and hence why the wireless users work.
5. PEAP works fine on wired.
Any pointers appreciated. Happy to share logs from Switch / Supplicant and ACS if needed.
Hello Dheeraj, that does not seem to be the case, as the radius configs are set on the Switch and not on the end points.
A quick update to my situation though....
1. Windows XP Supplicant connected behind a Cisco IP Phone does not work with EAP-TLS (Certificates) but works fine when PEAP is used at the Auth method.
2. Windows XP Supplicant connected without the IP Phone on the same port works fine with EAP-TLS.
3. Juniper Supplicant connected behind a Cisco IP Phone works fine with EAP-TLS>
4. The error seen on the switch when EAP-TLS authentication is attempted by windows supplicant while connected behind the IP Phone - âdot1x-err (port number of the switch) : Invalid EAPOL packet length = 1490
Seems to me like an MTU issue, however not sure how to address that...
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...